Manufacturing DangerBy Samuel Greengard | Posted 2015-12-11 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Any electronic device connected to a network is potentially at risk, so security must be part of any design, engineering or manufacturing process from the start.
Manufacturing products used to be a fairly straightforward proposition. However, in the digital age—where almost everything involves chips, software and circuit boards—the complexities and dangers of producing products are on the rise.
The latest reminder comes from news reports about police body cams that are infected with the Conficker virus. The malware—also known as Downup, Downadup and Kido—first appeared in 2008 and exploits a flaw in the Windows operating system that allows it to access sensitive and private data on a system. Conficker was the most prevalent computer worm in history, infecting in the neighborhood of 2 million computers in nearly 200 countries.
This time around, the malware mysteriously appeared on $499 Frontline police body cameras from Martel Electronics, according to researchers from iPower Technologies, a networking managed services provider. Many observers speculate that the malware was loaded onto these cameras prior to the manufacturer shipping them. Once connected, however, Conficker could spread to other devices and do serious harm.
It would be great if the story ended there, but it's essential to recognize that any electronic device that connects to a network is potentially at risk. And the Internet of things, which could hit 25 billion devices by 2020, represents a huge risk.
There are numerous reports of Android smartphones from China shipped with malware from the factory. PC manufacturer Lenovo also admitted last February that it had shipped computers with Superfish malware that could compromise security.
A few weeks ago, news spread that Dell had shipped personal computers loaded with self-signed root digital certificates called eDellRoot. Researchers at Duo Security say that the certificate could allow an attacker to gain access, manipulate traffic and deliver malware, all while appearing to be a trusted developer.
It's not entirely clear why Dell pre-installed the certificate, though the company says it was to provide the system service tag to Dell for support and the faux pas was unintentional. The company has since issued instructions for removing it.
The bottom line? Security must be part of any design, engineering or manufacturing process from the start, regardless of whether you're producing phones, computers, automobiles or jet engines.
It's also necessary to apply stringent standards across a supply chain and out to third parties, and check any and all industrial equipment for infection. As hackers, attackers and cyber-thieves become more sophisticated, the dangers and risks will continue to grow.